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This listing of claims will replace all prior versions, and listings, of cfaims in the 
application: 

Listing of Clainis: 

I- 7. (Cancel^) 

8. (Previously Presented) A network device for implementing Internet 
Protocol Security, comprising: 

at least one IP forwarder an^nged to receive IP packets, each IP packet being 
associated with a Security Association (SAX the at least one IP fonvarder is further 
arranged to detemnlne the destination of each IP packet and to fonA^ard each IP packet 
to its destination; 

a plurality of security procedure modules coupled to the at least one IP fonA/arder 
and arranged to implement security procedures for received IP packets in parallel; and 

a security controller arranged to allocate negotiated SAs among the security 
procedure modules and to notify the security procedure modules and the at least one IP 
forwarder of the allocation, whereby the at least one IP forwarder can send IP packets 
to the security procedure module implementing the associated SA, 

9. (Previously Presented) A device according to claim 8, wherein the 
security procedure modules are coupled together to allow the fonA^arding of an IP packet 
from one security procedure module to another. 

10. (Previously Presented) A device according to claim 8, wherein the 
security controller is responsible for creating and modifying IP packet filters In the at 
least one (P forwarder, and the filters are responsible for routing IP packets to the 
security procedure modules, 

II- (Previously Presented) A device according to claim 10, wherein the 
filtering of packets is carried out using at least one selector, the at least one selector 
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being the Security Parameter Index (SPI), which identifies a SA and which Is contained 
in a header of the IP packets. 

12, (Previously Presented) A device according to claim 8, wherein the 
security controlier is coupled to an Internet Key Exchange (IKE) module which Is 
responsible for negotiating SAs with peer IKE modules, and the security controller is 
arranged to receive from the IKE module details of negotiated SAs. 

13, (Previously Presented) A device according to claim 8, wherein at least 
one of the at least one IP fonwarder. security procedure modules, and security controller 
are implemented in at least one of software, hanjware, and a combination of hardware 
and software. 

14, (Previously Presented) A method of processing IP packets at a 
network device, the method comprising the steps of: 

allocating negotiated Security Associations (SAs) among a plurality of security 
procedure modules anranged to implement security procedures for received IP packets; 

notifying the security procedure modules and at least one IP forwarder of said 
allocation; and 

receiving IP packets at the at least one IP forwarder, identrfying the SAs 
associated with the packets, and fonA^arding the packets to the security procedure 
modules implementing the associated SAs. 
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